The Right Choice for Call Recording WWW.OAISYS.COM OAISYS and PCI DSS Compliance Managing Payment Card Industry Compliance with OAISYS Call Recording Solutions.


1 OAISYS and PCI DSS Compliance
Managing Payment Card Industry Compliance with OAISYS Call Recording Solutions

2 What is PCI DSS?
• Payment Card Industry (PCI) Data Security Standard (DSS)
• Developed by the Credit Card Industry to encourage and enhance cardholder data security
• Covers Network Security, Password Protection, Storage, Encryption, Software Vulnerability, etc.

3 PCI Core Principles
• Implement Strong Access Control
◦ Restrict access to cardholder data by business need-to-know
◦ Assign a unique ID to each person with computer access
◦ Restrict physical access to cardholder data
• Regularly Monitor and Test Networks
◦ Track and monitor all access to network resources and data
◦ Regularly test security systems and processes
• Maintain an Information Security Policy
◦ Maintain a policy that addresses information security

4 Who is Impacted by PCI?
• ANY company that stores, processes, or transmits credit card information is impacted and should be aware of the standards
◦ Financial Services
◦ Collections
◦ Sales/Retail
◦ Charities/Donor Networks

5 Call Recording and PCI DSS
• NO call recording software can actually be deemed “PCI compliant”
• Only software used to accept and process payment cards, such as card readers and online payment card validation solutions, can be PCI compliant
• Call recording software properly designed and developed with respect to PCI DSS can help facilitate compliance with the guidelines

6 How OAISYS Solutions Address PCI DSS
• Permissions-Based User Accounts
• Call Segment Sharing
• User Security and Audits
• Data Transmission/Encryption Standards
• Data Storage/Encryption Standards
• Recording Blackouts

7 Permissions-Based User Accounts
• Only authorized users can access data
• Permissions can be based on user type or other criteria, such as:
◦ Outside Number
◦ Call Duration
◦ Extension
◦ ACD information

8 Call Segment Sharing
• OAISYS Portable Voice Document (PVD™) technology provides for selective sharing of specific call segments (both internal and external)
• Recipients can only hear selected segments of the call
• Permissions can limit the length of time that a recipient will have access, or whether it can be shared further

9 User Security and Audits
• The OAISYS solution provides an administrative interface that delivers activity tracking and reporting
◦ Date, time, and user associated with access of any call
◦ User authentication controls are granular, which allows provisioning of the minimum access level required for tasks
• Call recordings include a digital watermark
◦ Proves call has not been altered in any way
◦ Can verify that sensitive information was not included or recorded

10 Data Transmission Standards
• PCI requires use of strong cryptography (such as SSL or IPSEC) during transmission over open, public networks
◦ The Internet
◦ Wireless Technologies
◦ Global System for Mobile (GSM)
• If sharing/sending is done internally, this requirement does not apply

11 Data Transmission Standards
• If needed, strong encryption during transmission can be obtained when using a VPN with IP Security (IPSEC) and Triple Data Encryption Standard (TDES)
◦ IPSEC handles the connection to the outside network
◦ TDES encrypts the streaming data

12 Database Encryption Standards
• OAISYS can utilize file-level encryption if necessary
• Encryption is tied to the Operating System (Windows 7 or Server 2008)
• Advanced Encryption Standard (AES) calls for 128-bit encryption minimum
◦ Windows AES uses 256-bit key

13 Blackouts
• If you do not record the Primary Account Number (PAN), PCI requirements DO NOT APPLY
• PCI DSS requires that Card Verification Codes are NOT stored under any circumstance, even if encrypted
• If you do not record the PAN or Card Verification Codes, you can easily comply with PCI standards

14 Wait a second…
You provide call recording and you’re telling me NOT to record?

15 Three Ways to NOT Record
1. Do not record stations collecting data requiring PCI adherence
2. Transfer calls to non-recorded stations when PCI data is collected
3. Stop recording of calls when obtaining data requiring PCI adherence, then start again after data is obtained – in other words, BLACKOUT the data

16 How can I blackout only during the period where I am capturing PCI sensitive information?

17 OAISYS Desktop Client – Manual Recording Stop
• User can manually click the start/stop button on the OAISYS Desktop Client
• Requires manual intervention, but allows for flexible start/stop
[Image label: Start/Stop Button]

18 Desktop Client API – Automatically Start/Stop
• Desktop Client utilizes a COM (ActiveX) interface to accept client-to-client commands to automatically start/stop recording
• Start/Stop functionality can be engaged by placement of the cursor in the appropriate field on the client application

19 Desktop Client API – In Layman’s Terms
• Place your cursor in the credit card # field on the client software and it sends a trigger to the OAISYS software to STOP recording automatically
• Move your cursor to another field and the client software sends a follow-up trigger to the OAISYS software to START recording again

20 Desktop Client API – Internet Explorer Plug-in
• OAISYS has developed a plug-in utilizing IE7 and the Desktop Client which can automatically start/stop based on the position of the cursor in the browser window
• Works for ANY website, not just client controlled addresses

21 Desktop Port API – Automatically Start/Stop
• Desktop Port API utilizes server-to-server commands to automatically start/stop recording
• Typically applies to systems like predictive dialers that have their own client access software
• Essentially provides same functionality as Desktop API, but for different types of applications

22 Questions?
OAISYS Sales Engineering
SE@oaisys.com
888-496-9040 option 3

